PT-2022-5945 · Avg+1 · Avg Anti-Virus+1
Or Yair · Published 2022-12-05 · Updated 2022-12-07 · CVE-2022-4173
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Avast Antivirus versions prior to 22.10
AVG Anti-Virus versions prior to 22.10
Description
The issue is related to insecure privilege management within the malware removal functionality of Avast and AVG Antivirus. An attacker with write access to the filesystem can exploit this to escalate their privileges in certain scenarios.
Recommendations
For Avast Antivirus versions prior to 22.10, update to version 22.10 to resolve the issue.
For AVG Anti-Virus versions prior to 22.10, update to version 22.10 to resolve the issue.
As a temporary workaround, consider restricting write access to the filesystem to minimize the risk of exploitation.
Fix
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
Avg Anti-Virus
Avast Antivirus